On April 24, 2018, Quest Software filed a breach-of-contract court case against Nike, the most famous sports brand. This was after Nike refused to pay Quest $15,646,191.55 in license compliance fees claimed by Quest following a software audit (I found the $0.55 accuracy quite interesting). The audit started in early 2017, so this has been in the works for some time. In short, Quest’s appointed auditors from Deloitte had found what Quest claimed were significant over-deployment, unauthorized access, and use of pirated license keys, among other issues. The $15M bill included fees, fines, and interest. Nike, of course, disputed almost all of this and largely rejected the findings. Instead, in September 2017, Nike offered to pay $348,664.74 to settle the issue. After several months of further haggling, Quest took Nike to court.
We will reserve a more detailed analysis of this case for future posts. For now, let’s take a high-level look at the new kid on the block.
Quest Software Audits – The New Kid On the Block.
Quest Software has been around since 1987 and is well known for its DR, identity management, and database management products. Their TOAD product is very popular with Oracle DBAs. The company has changed hands several times. In 2012, it was acquired by Dell. It appears things didn’t go well. In 2016, Dell sold Quest to private equity firms Francisco Partners and Elliott Management. The involvement of Francisco Partners is interesting. In the recent past, they had owned another software company supremely notorious for its aggressive, even predatory, compliance practices – Attachmate Corporation. It appears that special flavor of software compliance, with a strong predilection for aggressive audits with rapid legal escalation, has now been infused into Quest Software.
A cursory read of Nike’s response gives amazing insight into Quest’s tactics and approach, including the use of arbitrary interest calculations and fees with no contractual basis. If Nike’s responses are to be believed, then Quest’s approach is equal parts deceptive and predatory. Honestly, it appears that Nike’s naive dealing with Quest’s opening salvo, and allowing Deloitte’s unsupervised data collection, is partly to blame as well.
Interestingly, Nike’s response filing also references similarly aggressive court cases being pursued by Quest against ERCOT, HCL America, and World Fuel Services Corporation. Quest’s approach and philosophy appear to follow a predictable routine.
One of the key issues raised by Quest depends on what constitutes an “authorized” user. According to Quest, if a user can access its software, then licensing is required, even if the user had no need or history of using the software. Nike disputes this interpretation. This issue tends to arise for user-based licensing for several vendors, including Oracle. The disagreement on interpretation between Quest and Nike is something we’ve seen many times before, including in the famous Oracle v. Mars. While that case largely focused on VMware, this indirect access issue was part of the filing. However, that case was settled out of court with Oracle backing down. This issue has never been definitively ruled on in US courts. European courts have ruled in favor of the vendor in the past, famously in favor of SAP against one of its customers. However, this case will be very interesting to watch as it makes its way through the legal system.
Data – The Crucial Element.
As with all audits, the most important thing customers should be mindful of is the data being collected by the auditors. It is often excessive and subject to interpretation. Most importantly, once it’s in the hands of the auditors, it can be, and often is, used as evidence for backing up legal action.
A Methodical Defense.
As with any license audit, it is crucial to have a methodical audit response that includes scope definition and management, a designated response team, and expert internal analysis of all data and evidence being collected by auditors. These need to be supported by a firm understanding of the key contractual terms and definitions that define the relationship between the customer and vendor.
If you are nearing the end of an Oracle audit and need expert support through the audit resolution stage to reduce and minimize audit findings, our team of ex-Oracle auditors are here to help. Reach out to us for a consultation.